
Ten reasons you’ll love Windows Server 2016 #2: Active Directory and Identity

More on-premises control over user and administrator access for a cloud-first, mobile-first world

This is the second post in the “Ten Reasons you’ll love Windows Server 2016” video series by Matt McSpirit, Technical Evangelist at Microsoft.

Today, he introduces us to Samuel Devasahayam, Principal Group Program Manager on the Microsoft Identity team.

Identity is the new control plane to secure access to on-premises and cloud resources. It centralizes your ability to control user and administrative privileges, both of which are very important when it comes to protecting your data and applications from malicious attack. At the same time, our users are more mobile than ever, and need access to computing resources from anywhere.

If you use Active Directory today, you’ll want to hear Samuel talk about the new features coming in Windows Server 2016.

Windows Server 2016 adds new features to help you:

  • Set new controls for privileged access management
    • Some organizations have literally hundreds of admins, which represents a huge vulnerability and attack surface. Your administrators have the keys to the kingdom. But do they need all the keys, or should they be limited to the key to a particular area or application, or to a particular period of time (known as “just in time” administration)?
    • Customers also have the option to have a separate admin forest based on Windows Server 2016 and project the admin memberships to existing forests. This helps reduce the impact on existing infrastructure and applications.
  • Set new controls for sensitive applications
    • Not all applications are the same. Now you can set tighter control over user or device access to sensitive applications that contain customer or employee personal data
    • Multi-Factor Authentication provides a second layer of security that helps safeguard access to data and applications
  • Provide secure user access to corporate resources, both on-premises and in the cloud
    • Ability to authenticate against Azure AD Join
    • Active Directory supports authentication through modern and more secure methods, including Microsoft Passport and Windows Hello
    • Remove the need to expose password credentials to the Internet
  • Enable security and access control for mobile applications & RESTful services
    • Ability to authenticate and authorize application access with OAuth & OpenID Connect
  • Provide broader enterprise user access to corporate resources, both on-premises and in the cloud
    • Ability to authenticate users in any LDAP v3 compliant directory including virtual directories

Want to learn more? Visit us at or follow our blog at

We’d love to hear your feedback at

Get more updates on Windows Server 2016 by following the Windows Server team (@WindowsServer) and Matt (@mattmcspirit) on Twitter.
